<?php
	$product_id = $params[1];
	if($_SERVER["REQUEST_METHOD"]=='POST') {
		$title			= strip_tags($_POST['title']);
		$ip				= getUserIP();

		$upload_fieldname	= 'image';
		$upload_extension	= file_ext($_FILES[$upload_fieldname]['name']);
		$upload_fullpath	= '../contents/product/'.md5('thumb'.time()). $upload_extension;
		if (move_uploaded_file($_FILES[$upload_fieldname]['tmp_name'], $upload_fullpath)) {
			$upload_basename = basename($upload_fullpath);
		}
 
		$sql = "INSERT INTO `tbl_product_gallery` (`gallery_id`, `title`, `product_id`, `image`, `date`) VALUES (NULL,  '$title', '$product_id', '$upload_basename', NOW());";
		mysql_query($sql) or die($sql);
		redirect('../');
		exit;
	}
?>